diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9b2cfe8b..b5880543 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,10 @@ This is the rolling changelog for TShock for Terraria. Use past tense when addin
 
 ## TShock 4.3.26
 * Removed the stat tracking system. (@hakusaro)
+* Updated SQLite binaries. (@hakusaro)
+* Removed server-sided healing when disabled. (@QuiCM)
+* Patched an exploit that allowed users to kill town NPCs (@QuiCM)
+* [API] Added a patch for the 0-length crash (@QuiCM)
 
 ## TShock 4.3.25
 * Fixed a critical exploit in the Terraria protocol that could cause massive unpreventable world corruption as well as a number of other problems. Thanks to @bartico6 for reporting. Fixed by the efforts of @QuiCM, @hakusaro, and tips in the right directioon from @bartico6.
diff --git a/TShockAPI/GetDataHandlers.cs b/TShockAPI/GetDataHandlers.cs
index 0bb216e1..99264206 100644
--- a/TShockAPI/GetDataHandlers.cs
+++ b/TShockAPI/GetDataHandlers.cs
@@ -1230,8 +1230,7 @@ namespace TShockAPI
 					{ PacketTypes.ProjectileNew, HandleProjectileNew },
 					{ PacketTypes.TogglePvp, HandleTogglePvp },
 					{ PacketTypes.PlayerTeam, HandlePlayerTeam },
-					{ PacketTypes.TileKill, HandleTileKill },
-					{ PacketTypes.PlayerKillMe, HandlePlayerKillMe },
+					{ PacketTypes.PlaceChest, HandlePlaceChest },
 					{ PacketTypes.LiquidSet, HandleLiquidSet },
 					{ PacketTypes.PlayerSpawn, HandleSpawn },
 					{ PacketTypes.ChestGetContents, HandleChestOpen },
@@ -1247,7 +1246,7 @@ namespace TShockAPI
 					{ PacketTypes.ItemOwner, HandleItemOwner },
 					{ PacketTypes.PlayerHp, HandlePlayerHp },
 					{ PacketTypes.PlayerMana, HandlePlayerMana },
-					{ PacketTypes.PlayerDamage, HandlePlayerDamage },
+					{ PacketTypes.NpcItemStrike, HandleNpcItemStrike },
 					{ PacketTypes.NpcStrike, HandleNpcStrike },
 					{ PacketTypes.NpcSpecial, HandleSpecial },
 					{ PacketTypes.PlayerAnimation, HandlePlayerAnimation },
@@ -2861,14 +2860,6 @@ namespace TShockAPI
 
 			var type = Main.projectile[index].type;
 
-			// Players can no longer destroy projectiles that are not theirs as of 1.1.2
-			/*if (args.Player.Index != Main.projectile[index].owner && type != 102 && type != 100 && !TShock.Config.IgnoreProjKill) // workaround for skeletron prime projectiles
-			{
-				args.Player.Disable(String.Format("Owner ({0}) and player ID ({1}) does not match to kill projectile of type: {3}", Main.projectile[index].owner, args.Player.Index, type));
-				args.Player.RemoveProjectile(ident, owner);
-				return true;
-			}*/
-
 			if (TShock.CheckIgnores(args.Player))
 			{
 				args.Player.RemoveProjectile(ident, owner);
@@ -2893,71 +2884,6 @@ namespace TShockAPI
 			return false;
 		}
 
-		private static bool HandlePlayerKillMe(GetDataHandlerArgs args)
-		{
-			var id = args.Data.ReadInt8();
-			var direction = (byte)(args.Data.ReadInt8() - 1);
-			var dmg = args.Data.ReadInt16();
-			var pvp = args.Data.ReadInt8() == 0;
-			var text = args.Data.ReadString();
-			if (dmg > 20000) //Abnormal values have the potential to cause infinite loops in the server.
-			{
-				TShock.Utils.ForceKick(args.Player, "Crash Exploit Attempt", true);
-				TShock.Log.ConsoleError("Death Exploit Attempt: Damage {0}", dmg);
-				return false;
-			}
-
-			if (id >= Main.maxPlayers)
-			{
-				return true;
-			}
-
-			if (OnKillMe(id, direction, dmg, pvp))
-				return true;
-
-			if (text.Length > 500)
-			{
-				TShock.Utils.Kick(TShock.Players[id], "Crash attempt", true);
-				return true;
-			}
-
-			args.Player.Dead = true;
-			args.Player.RespawnTimer = TShock.Config.RespawnSeconds;
-
-			foreach (NPC npc in Main.npc)
-			{
-				if (npc.active && (npc.boss || npc.type == 13 || npc.type == 14 || npc.type == 15) &&
-					Math.Abs(args.TPlayer.Center.X - npc.Center.X) + Math.Abs(args.TPlayer.Center.Y - npc.Center.Y) < 4000f)
-				{
-					args.Player.RespawnTimer = TShock.Config.RespawnBossSeconds;
-					break;
-				}
-			}
-
-			if (args.TPlayer.difficulty == 2 && (TShock.Config.KickOnHardcoreDeath || TShock.Config.BanOnHardcoreDeath))
-			{
-				if (TShock.Config.BanOnHardcoreDeath)
-				{
-					if (!TShock.Utils.Ban(args.Player, TShock.Config.HardcoreBanReason, false, "hardcore-death"))
-						TShock.Utils.ForceKick(args.Player, "Death results in a ban, but you are immune to bans.", true);
-				}
-				else
-				{
-					TShock.Utils.ForceKick(args.Player, TShock.Config.HardcoreKickReason, true, false);
-				}
-			}
-
-			if (args.TPlayer.difficulty == 2 && Main.ServerSideCharacter && args.Player.IsLoggedIn)
-			{
-				if (TShock.CharacterDB.RemovePlayer(args.Player.User.ID))
-				{
-					TShock.CharacterDB.SeedInitialData(args.Player.User);
-				}
-			}
-
-			return false;
-		}
-
 		private static bool HandlePlayerKillMeV2(GetDataHandlerArgs args)
 		{
 			var id = args.Data.ReadInt8();
@@ -3021,6 +2947,8 @@ namespace TShockAPI
 				}
 			}
 
+			//Attempt to resolve issue where player's slected items sometime fail to stop rendering when they die (eg chainsaws)
+			NetMessage.SendData((int)PacketTypes.PlayerUpdate, -1, args.Player.Index, NetworkText.Empty, args.Player.Index);
 			return false;
 		}
 
@@ -3149,7 +3077,7 @@ namespace TShockAPI
 			return false;
 		}
 
-		private static bool HandleTileKill(GetDataHandlerArgs args)
+		private static bool HandlePlaceChest(GetDataHandlerArgs args)
 		{
 			int flag = args.Data.ReadByte();
 			int tileX = args.Data.ReadInt16();
@@ -3550,76 +3478,6 @@ namespace TShockAPI
 			return false;
 		}
 
-		private static bool HandlePlayerDamage(GetDataHandlerArgs args)
-		{
-			var id = args.Data.ReadInt8();
-			var direction = (byte)(args.Data.ReadInt8() - 1);
-			var dmg = args.Data.ReadInt16();
-			args.Data.ReadString(); // don't store damage text
-			var bits = (BitsByte)args.Data.ReadInt8();
-			var pvp = bits[0];
-			var crit = bits[1];
-
-			if (OnPlayerDamage(id, direction, dmg, pvp, crit))
-				return true;
-
-			if (id >= Main.maxPlayers || TShock.Players[id] == null)
-			{
-				return true;
-			}
-
-			if (dmg > TShock.Config.MaxDamage && !args.Player.HasPermission(Permissions.ignoredamagecap) && id != args.Player.Index)
-			{
-				if (TShock.Config.KickOnDamageThresholdBroken)
-				{
-					TShock.Utils.Kick(args.Player, string.Format("Player damage exceeded {0}.", TShock.Config.MaxDamage));
-					return true;
-				}
-				else
-				{
-					args.Player.Disable(String.Format("Player damage exceeded {0}.", TShock.Config.MaxDamage), DisableFlags.WriteToLogAndConsole);
-				}
-				args.Player.SendData(PacketTypes.PlayerHp, "", id);
-				args.Player.SendData(PacketTypes.PlayerUpdate, "", id);
-				return true;
-			}
-
-			if (!TShock.Players[id].TPlayer.hostile && pvp && id != args.Player.Index)
-			{
-				args.Player.SendData(PacketTypes.PlayerHp, "", id);
-				args.Player.SendData(PacketTypes.PlayerUpdate, "", id);
-				return true;
-			}
-
-			if (TShock.CheckIgnores(args.Player))
-			{
-				args.Player.SendData(PacketTypes.PlayerHp, "", id);
-				args.Player.SendData(PacketTypes.PlayerUpdate, "", id);
-				return true;
-			}
-
-			if (TShock.CheckRangePermission(args.Player, TShock.Players[id].TileX, TShock.Players[id].TileY, 100))
-			{
-				args.Player.SendData(PacketTypes.PlayerHp, "", id);
-				args.Player.SendData(PacketTypes.PlayerUpdate, "", id);
-				return true;
-			}
-
-			if ((DateTime.UtcNow - args.Player.LastThreat).TotalMilliseconds < 5000)
-			{
-				args.Player.SendData(PacketTypes.PlayerHp, "", id);
-				args.Player.SendData(PacketTypes.PlayerUpdate, "", id);
-				return true;
-			}
-
-			if (TShock.Players[id].GodMode)
-			{
-				TShock.Players[id].Heal(args.TPlayer.statLifeMax);
-			}
-
-			return false;
-		}
-
 		private static bool HandlePlayerDamageV2(GetDataHandlerArgs args)
 		{
 			var id = args.Data.ReadInt8();
@@ -3649,8 +3507,6 @@ namespace TShockAPI
 				{
 					args.Player.Disable(String.Format("Player damage exceeded {0}.", TShock.Config.MaxDamage), DisableFlags.WriteToLogAndConsole);
 				}
-				args.Player.SendData(PacketTypes.PlayerHp, "", id);
-				args.Player.SendData(PacketTypes.PlayerUpdate, "", id);
 				return true;
 			}
 
@@ -3663,22 +3519,16 @@ namespace TShockAPI
 
 			if (TShock.CheckIgnores(args.Player))
 			{
-				args.Player.SendData(PacketTypes.PlayerHp, "", id);
-				args.Player.SendData(PacketTypes.PlayerUpdate, "", id);
 				return true;
 			}
 
 			if (TShock.CheckRangePermission(args.Player, TShock.Players[id].TileX, TShock.Players[id].TileY, 100))
 			{
-				args.Player.SendData(PacketTypes.PlayerHp, "", id);
-				args.Player.SendData(PacketTypes.PlayerUpdate, "", id);
 				return true;
 			}
 
 			if ((DateTime.UtcNow - args.Player.LastThreat).TotalMilliseconds < 5000)
 			{
-				args.Player.SendData(PacketTypes.PlayerHp, "", id);
-				args.Player.SendData(PacketTypes.PlayerUpdate, "", id);
 				return true;
 			}
 
@@ -3690,6 +3540,69 @@ namespace TShockAPI
 			return false;
 		}
 
+		private static bool HandleNpcItemStrike(GetDataHandlerArgs args)
+		{
+			var npcId = args.Data.ReadInt16();
+
+			if (npcId < 0 || npcId > Main.npc.Length)
+			{
+				//Need a valid npc
+				return true;
+			}
+
+			if (Main.npc[npcId] == null || Main.npc[npcId].active == false)
+			{
+				//Only allow striking valid NPCs
+				return true;
+			}
+
+			var item = args.Player.SelectedItem ?? args.Player.ItemInHand;
+			if (item == null)
+			{
+				//Shouldn't be able to strike an NPC without holding an item
+				return true;
+			}
+
+			var direction = args.TPlayer.direction;
+			var dmg = item.damage;
+			var knockback = item.knockBack;
+
+			//Clients can spoof item damage and it won't be reflected on the server. There's no point checking item damage unless this is changed
+
+			if (OnNPCStrike(npcId, (byte)direction, (short)item.damage, item.knockBack, 0))
+			{
+				return true;
+			}
+
+			if (TShock.CheckIgnores(args.Player))
+			{
+				args.Player.SendData(PacketTypes.NpcUpdate, "", npcId);
+				return true;
+			}
+
+			if (Main.npc[npcId].townNPC && !args.Player.HasPermission(Permissions.hurttownnpc))
+			{
+				args.Player.SendErrorMessage("You do not have permission to hurt this NPC.");
+				args.Player.SendData(PacketTypes.NpcUpdate, "", npcId);
+				return true;
+			}
+
+			if (TShock.Config.RangeChecks &&
+				TShock.CheckRangePermission(args.Player, (int)(Main.npc[npcId].position.X / 16f), (int)(Main.npc[npcId].position.Y / 16f), 128))
+			{
+				args.Player.SendData(PacketTypes.NpcUpdate, "", npcId);
+				return true;
+			}
+
+			if ((DateTime.UtcNow - args.Player.LastThreat).TotalMilliseconds < 5000)
+			{
+				args.Player.SendData(PacketTypes.NpcUpdate, "", npcId);
+				return true;
+			}
+
+			return false;
+		}
+
 		private static bool HandleNpcStrike(GetDataHandlerArgs args)
 		{
 			var id = args.Data.ReadInt16();
@@ -3769,6 +3682,12 @@ namespace TShockAPI
 				return true;
 			}
 
+			if (type == 4 && (id < 0 || id > Main.npc.Length))
+			{
+				//Type == 4 -> 'BigMimicSpawnSmoke'. This access Main.npc without any bounds checking on Terraria's side.
+				return true;
+			}
+
 			return false;
 		}
 
diff --git a/TShockAPI/TShockAPI.csproj b/TShockAPI/TShockAPI.csproj
index 64aad29d..46bee4d8 100644
--- a/TShockAPI/TShockAPI.csproj
+++ b/TShockAPI/TShockAPI.csproj
@@ -68,9 +68,8 @@
       <HintPath>..\packages\MySql.Data.6.9.8\lib\net45\MySql.Data.dll</HintPath>
       <Private>True</Private>
     </Reference>
-    <Reference Include="Newtonsoft.Json, Version=9.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed, processorArchitecture=MSIL">
-      <HintPath>..\packages\Newtonsoft.Json.9.0.1\lib\net45\Newtonsoft.Json.dll</HintPath>
-      <Private>True</Private>
+    <Reference Include="Newtonsoft.Json, Version=10.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed, processorArchitecture=MSIL">
+      <HintPath>..\packages\Newtonsoft.Json.10.0.3\lib\net45\Newtonsoft.Json.dll</HintPath>
     </Reference>
     <Reference Include="OTAPI, Version=1.3.4.4, Culture=neutral, processorArchitecture=MSIL">
       <SpecificVersion>False</SpecificVersion>
@@ -203,7 +202,7 @@
   </PropertyGroup>
   <ProjectExtensions>
     <VisualStudio>
-      <UserProperties BuildVersion_UpdateAssemblyVersion="True" BuildVersion_UpdateFileVersion="True" BuildVersion_BuildAction="Both" BuildVersion_BuildVersioningStyle="None.None.None.MonthAndDayStamp" BuildVersion_StartDate="2011/6/17" BuildVersion_IncrementBeforeBuild="False" />
+      <UserProperties BuildVersion_IncrementBeforeBuild="False" BuildVersion_StartDate="2011/6/17" BuildVersion_BuildVersioningStyle="None.None.None.MonthAndDayStamp" BuildVersion_BuildAction="Both" BuildVersion_UpdateFileVersion="True" BuildVersion_UpdateAssemblyVersion="True" />
     </VisualStudio>
   </ProjectExtensions>
   <!-- To modify your build process, add your task inside one of the targets below and uncomment it. 
diff --git a/TShockAPI/packages.config b/TShockAPI/packages.config
index cc9c5276..691052d5 100644
--- a/TShockAPI/packages.config
+++ b/TShockAPI/packages.config
@@ -2,5 +2,5 @@
 <packages>
   <package id="BCrypt.Net" version="0.1.0" targetFramework="net45" />
   <package id="MySql.Data" version="6.9.8" targetFramework="net45" />
-  <package id="Newtonsoft.Json" version="9.0.1" targetFramework="net45" />
+  <package id="Newtonsoft.Json" version="10.0.3" targetFramework="net45" />
 </packages>
\ No newline at end of file
diff --git a/TerrariaServerAPI b/TerrariaServerAPI
index c31b0c3c..be2a5c61 160000
--- a/TerrariaServerAPI
+++ b/TerrariaServerAPI
@@ -1 +1 @@
-Subproject commit c31b0c3ca12eb638601f140f66c38a956adc1c92
+Subproject commit be2a5c61b209ee876af815abe03030c4028a2687
diff --git a/prebuilts/sqlite3.def b/prebuilts/sqlite3.def
index 45a3021b..caa046e3 100644
--- a/prebuilts/sqlite3.def
+++ b/prebuilts/sqlite3.def
@@ -16,11 +16,13 @@ sqlite3_bind_null
 sqlite3_bind_parameter_count
 sqlite3_bind_parameter_index
 sqlite3_bind_parameter_name
+sqlite3_bind_pointer
 sqlite3_bind_text
 sqlite3_bind_text16
 sqlite3_bind_text64
 sqlite3_bind_value
 sqlite3_bind_zeroblob
+sqlite3_bind_zeroblob64
 sqlite3_blob_bytes
 sqlite3_blob_close
 sqlite3_blob_open
@@ -72,7 +74,9 @@ sqlite3_create_function16
 sqlite3_create_function_v2
 sqlite3_create_module
 sqlite3_create_module_v2
+sqlite3_create_window_function
 sqlite3_data_count
+sqlite3_db_cacheflush
 sqlite3_db_config
 sqlite3_db_filename
 sqlite3_db_handle
@@ -88,6 +92,7 @@ sqlite3_errmsg
 sqlite3_errmsg16
 sqlite3_errstr
 sqlite3_exec
+sqlite3_expanded_sql
 sqlite3_expired
 sqlite3_extended_errcode
 sqlite3_extended_result_codes
@@ -101,6 +106,9 @@ sqlite3_get_table
 sqlite3_global_recover
 sqlite3_initialize
 sqlite3_interrupt
+sqlite3_keyword_check
+sqlite3_keyword_count
+sqlite3_keyword_name
 sqlite3_last_insert_rowid
 sqlite3_libversion
 sqlite3_libversion_number
@@ -129,7 +137,9 @@ sqlite3_overload_function
 sqlite3_prepare
 sqlite3_prepare16
 sqlite3_prepare16_v2
+sqlite3_prepare16_v3
 sqlite3_prepare_v2
+sqlite3_prepare_v3
 sqlite3_profile
 sqlite3_progress_handler
 sqlite3_randomness
@@ -149,6 +159,8 @@ sqlite3_result_error_toobig
 sqlite3_result_int
 sqlite3_result_int64
 sqlite3_result_null
+sqlite3_result_pointer
+sqlite3_result_subtype
 sqlite3_result_text
 sqlite3_result_text16
 sqlite3_result_text16be
@@ -156,11 +168,13 @@ sqlite3_result_text16le
 sqlite3_result_text64
 sqlite3_result_value
 sqlite3_result_zeroblob
+sqlite3_result_zeroblob64
 sqlite3_rollback_hook
 sqlite3_rtree_geometry_callback
 sqlite3_rtree_query_callback
 sqlite3_set_authorizer
 sqlite3_set_auxdata
+sqlite3_set_last_insert_rowid
 sqlite3_shutdown
 sqlite3_sleep
 sqlite3_snprintf
@@ -174,15 +188,29 @@ sqlite3_step
 sqlite3_stmt_busy
 sqlite3_stmt_readonly
 sqlite3_stmt_status
+sqlite3_str_append
+sqlite3_str_appendall
+sqlite3_str_appendchar
+sqlite3_str_appendf
+sqlite3_str_errcode
+sqlite3_str_finish
 sqlite3_strglob
 sqlite3_stricmp
+sqlite3_str_length
+sqlite3_strlike
+sqlite3_str_new
 sqlite3_strnicmp
+sqlite3_str_reset
+sqlite3_str_value
+sqlite3_str_vappendf
+sqlite3_system_errno
 sqlite3_table_column_metadata
 sqlite3_test_control
 sqlite3_thread_cleanup
 sqlite3_threadsafe
 sqlite3_total_changes
 sqlite3_trace
+sqlite3_trace_v2
 sqlite3_transfer_bindings
 sqlite3_update_hook
 sqlite3_uri_boolean
@@ -193,9 +221,14 @@ sqlite3_value_blob
 sqlite3_value_bytes
 sqlite3_value_bytes16
 sqlite3_value_double
+sqlite3_value_dup
+sqlite3_value_free
 sqlite3_value_int
 sqlite3_value_int64
+sqlite3_value_nochange
 sqlite3_value_numeric_type
+sqlite3_value_pointer
+sqlite3_value_subtype
 sqlite3_value_text
 sqlite3_value_text16
 sqlite3_value_text16be
@@ -206,7 +239,9 @@ sqlite3_vfs_register
 sqlite3_vfs_unregister
 sqlite3_vmprintf
 sqlite3_vsnprintf
+sqlite3_vtab_collation
 sqlite3_vtab_config
+sqlite3_vtab_nochange
 sqlite3_vtab_on_conflict
 sqlite3_wal_autocheckpoint
 sqlite3_wal_checkpoint
@@ -214,7 +249,13 @@ sqlite3_wal_checkpoint_v2
 sqlite3_wal_hook
 sqlite3_win32_is_nt
 sqlite3_win32_mbcs_to_utf8
+sqlite3_win32_mbcs_to_utf8_v2
 sqlite3_win32_set_directory
+sqlite3_win32_set_directory16
+sqlite3_win32_set_directory8
 sqlite3_win32_sleep
+sqlite3_win32_unicode_to_utf8
 sqlite3_win32_utf8_to_mbcs
+sqlite3_win32_utf8_to_mbcs_v2
+sqlite3_win32_utf8_to_unicode
 sqlite3_win32_write_debug
diff --git a/prebuilts/sqlite3.dll b/prebuilts/sqlite3.dll
old mode 100644
new mode 100755
index 59e23784..d1b9cb82
Binary files a/prebuilts/sqlite3.dll and b/prebuilts/sqlite3.dll differ
diff --git a/scripts/create_release.py b/scripts/create_release.py
index 3a25f76d..346253b5 100755
--- a/scripts/create_release.py
+++ b/scripts/create_release.py
@@ -47,7 +47,7 @@ mysql_bin = os.path.join(cur_wd, "packages", "MySql.Data.6.9.8", "lib", "net45",
 sqlite_dep = os.path.join(cur_wd, "prebuilts", sqlite_dep_name)
 sqlite_bin = os.path.join(cur_wd, "prebuilts", sqlite_bin_name)
 http_bin = os.path.join(cur_wd, "prebuilts", http_bin_name)
-json_bin = os.path.join(cur_wd, "packages", "Newtonsoft.Json.9.0.1", "lib", "net45", json_bin_name)
+json_bin = os.path.join(cur_wd, "packages", "Newtonsoft.Json.10.0.3", "lib", "net45", json_bin_name)
 bcrypt_bin = os.path.join(cur_wd, "packages", "BCrypt.Net.0.1.0", "lib", "net35", bcrypt_bin_name)
 geoip_db = os.path.join(cur_wd, "prebuilts", geoip_db_name)
 release_bin = os.path.join(cur_wd, "TShockAPI", "bin", "Release", tshock_bin_name)